Application Security DevSecOps Specialist

Who we are

NTT DATA is one of the world's largest global security service providers, partnering with some of the most recognized security technology brands. We're looking for passionate, curious, and motivated individuals to join our team.

What you'll be doing

• Implement security measures within CI/CD pipelines to ensure secure software delivery. 
• Static Application Security Testing (SAST) tools for analysing source code or binaries. 
• Dynamic Application Security Testing (DAST) tools for identifying vulnerabilities in running applications. 
• Software Composition Analysis (SCA) tools to detect vulnerabilities in open-source libraries and third-party components. 
• Secret scanning to prevent accidental inclusion of sensitive information like API keys or passwords. 
• Container scanning to analyse container images and runtime environments for vulnerabilities and misconfigurations. 
• Conduct code security reviews and triage security findings. 
• Collaborate with developers to fix identified vulnerabilities and ensure secure coding practices. 
• Perform API security testing for standalone APIs not integrated within applications. 
• Manage security testing automation processes. 
• Integrate security testing tools with organizational systems such as CMDB, ticketing systems, and reporting platforms. 
• Maintain tool certifications and stay updated with the latest capabilities and advancements. 
• Provide clear and actionable communication of findings to enable informed, prioritised actions. 
• Deliver detailed assessment reports with remediation recommendations aligned to risk severity. 
• Present findings to both technical and non-technical stakeholders, including executive leadership. 
• Maintain comprehensive documentation of security assessments, findings, and remediation tracking. 
• Work closely with development teams to integrate security seamlessly into their workflows. 
• Train developers on secure coding practices and the use of security tools. 
• Evaluate and implement AI-powered application security testing tools, ensuring validation of AI-generated findings by human experts. 
• Maintain awareness of AI-powered tools' limitations and compliance requirements. 
• Enhance the speed and reliability of secure code delivery. 
• Reduce vulnerabilities and improve the overall security posture of applications. 
• Ensure compliance with industry standards such as OWASP Top 10, CIS Benchmarks, and secure coding practices . 
• Work closely with Security Design Engineers to implement designs within frameworks defined by Security Architects. 

What you'll bring along

• Bachelor's degree in Computer Science, Information Technology, or a related field.
• Minimum 3 – 5 years of experience in security testing tools and automation. 
• Knowledge of DevSecOps practices and CI/CD pipeline integration. 
• Familiarity with industry standards like OWASP, CIS Benchmarks, and secure coding guidelines. 
• Strong collaboration and communication skills for working with developers and stakeholders. 
• Excellent command of both spoken and written English